We are Coles Group with registered number 460627257 and address The Estate Office, Roundoak, Heniker Lane, Sutton Valence, Kent ME17 3ED. Our Data Protection Lead can be contacted at enquiries@thecolesgroup.co.uk.
We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the UK Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 ("Data Protection Legislation").
The terms "Personal Data", "Special Categories of Personal Data", "Personal Data Breach", "Data Protection Officer", "Data Controller", "Data Processor", "Data Subject" and "process" (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. "Data Protection Lead" is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
You can exercise your right to access personal data held about you by contacting enquiries@thecolesgroup.co.uk with the subject line: "Subject Access Request".
When you submit a subject access request, you may be required to provide suitable proof of identity before information can be disclosed. This service is provided free of charge and our response will normally be made within one month unless the request is manifestly unfounded or excessive. In such cases, we may charge a reasonable administrative fee or extend the response period as permitted by law.
If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at enquiries@thecolesgroup.co.uk.
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are :
Legitimate interests are a flexible basis upon which the law permits the processing of an individual's personal data.
To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you. This balancing exercise is carried out by our Data Protection Lead.
You have the right to object to processing carried out under legitimate interests and we will consider any such objection carefully.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
We may also create aggregated or anonymised data for statistical purposes. Where such information can identify an individual, it will be treated as personal data.
We do not intentionally collect Special Category Personal Data unless required by law or necessary for the provision of our services.
| Reference | What categories of information about you do we process? | Why are we processing your data? | Where did we get your personal data from? |
| B2B Marketing |
|
Direct marketing to former, current and prospective clients. Processed under legitimate interests. | Directly obtained or by referral from existing clients/partners/suppliers. |
| Analytics |
|
Understanding website usage and improving services. Processed under legitimate interests. | Directly obtained or indirectly obtained through a client's website (notice given at the point of collection). |
| Fraud Prevention |
|
Preventing and investigating fraud and protecting legitimate business interests. | Directly obtained or indirectly obtained through a client's website (notice given at the point of collection). |
| Contact Submission |
|
Responding to enquiries submitted through forms, email or other communication channels. | Directly obtained or indirectly obtained through a client's website (notice given at the point of collection). |
| Direct Debits |
|
Establishing and managing direct debit payments. Processed under performance of a contract. | Directly obtained. |
| Phone Calls |
|
Telephone calls to and from our business are recorded for training, quality assurance, compliance, dispute resolution, fraud prevention and auditing purposes. We also collect Calling Line Identification (CLI) information. This processing is conducted under our legitimate interests. | Directly obtained. |
| Telephone Call Recording |
|
Where telephone calls are recorded, callers will be informed at the beginning of the call or otherwise made aware that recording is taking place.
Call recordings are used only for legitimate business purposes including training, quality assurance, compliance monitoring, dispute resolution, fraud prevention and auditing. Access to recordings is restricted to authorised personnel and recordings are retained only for as long as necessary in accordance with our retention procedures. |
Directly obtained. |
| Email and Web Contact |
|
Responding to enquiries, requests and complaints and improving our service. | Directly obtained or indirectly obtained through our website (notice given at the point of collection). |
| Consumer Marketing |
|
Marketing products and services to existing customers where permitted by law. | Directly obtained. |
Cookies are small text files that are placed on your computer's hard drive through your web browser when you visit any web site.
We use cookies to:
You may disable cookies through your browser settings, although some website functionality may not operate correctly.
Where required by law, non-essential cookies will only be used with your consent.
Where personal data is required for the performance of a contract, we may be unable to provide our services if you do not provide the requested information.
Where we process information on behalf of another Data Controller, requests to restrict processing may need to be referred to that Data Controller.
Coles Group does not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.
We retain personal data only for as long as necessary for the purposes for which it was collected.
Contractual records may be retained for up to six years after the end of the relationship.
Financial and taxation records may be retained for longer where required by law.
Call recordings will be retained only for as long as reasonably necessary for the purposes identified in this notice.
We may share personal data with trusted service providers, professional advisers, regulators, law enforcement agencies and government bodies where necessary and lawful to do so.
Some of our service providers may be located outside the United Kingdom or European Economic Area.
Where personal data is transferred internationally, appropriate safeguards will be implemented, including:
Data Controllers
| Name of Third Party Controller | What processing are we performing for them? | If applicable - who is their representative within the EU? |
|---|---|---|
| HMRC, regulatory authorities or other authorities | We are joint Controller with these authorities who require reporting of processing in some situations | N/A |
| Postal/Courier Providers | Where these providers act as Data Controller, we are joint Controller with them for the purposes of sending you physical documents. | N/A |
Our Data Processors
| Name of Third Party Processor | Purposes for Carrying out Processing |
|---|---|
| Maidstone County Court | |
| Maidstone Borough Council | |
| The Property Software Group | |
| Tenancy Deposit Scheme | |
| Van Mildert | |
| On The Market | |
| Rightmove |
If you have any concerns about how we process your personal data, please contact us first at enquiries@thecolesgroup.co.uk.
You also have the right to complain to the Information Commissioner's Office (ICO) at www.ico.org.uk
Last Updated: June 2026
COLES GROUP
The Estate Office
Roundoak
Heniker Lane
Sutton Valence
Kent
ME17 3ED
